feat: Optimize Sign/verify Message #4077
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Package Neuron for Test | |
on: | |
issue_comment: | |
types: [created] | |
push: | |
jobs: | |
packaging: | |
if: ${{ (github.event_name == 'issue_comment' && github.event.issue.pull_request && startsWith(github.event.comment.body, '/package') && contains(fromJSON('["OWNER", "COLLABORATOR"]'), github.event.comment.author_association)) || github.event_name == 'push' }} | |
strategy: | |
matrix: | |
node: | |
- 20.15.1 | |
os: | |
- macos-latest | |
- ubuntu-20.04 | |
- windows-2019 | |
runs-on: ${{ matrix.os }} | |
permissions: | |
contents: read | |
pull-requests: read | |
name: ${{ matrix.os }}(Node.js ${{ matrix.node }}) | |
env: | |
MAC_SHOULD_CODE_SIGN: ${{ github.event_name != 'pull_request' && secrets.APPLE_ID != '' }} | |
WIN_CERTIFICATE_BASE64: ${{ secrets.WIN_CERTIFICATE_BASE64 }} | |
steps: | |
- name: Set git to use LF | |
run: | | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
- name: Checkout for push | |
uses: actions/checkout@v4 | |
if: ${{ github.event_name == 'push' }} | |
- name: Checkout for PR | |
uses: actions/checkout@v4 | |
if: ${{ github.event_name == 'issue_comment' }} | |
with: | |
ref: refs/pull/${{ github.event.issue.number }}/merge | |
- name: Ensure no more commits after the triggering comment | |
uses: actions/github-script@v7 | |
if: ${{ github.event_name == 'issue_comment' }} | |
env: | |
ISSUE_NUMBER: ${{github.event.issue.number}} | |
COMMENT_ID: ${{ github.event.comment.id }} | |
with: | |
script: | | |
const { ISSUE_NUMBER, COMMENT_ID } = process.env | |
let page = 1 | |
let hasFoundComment = false | |
while(true) { | |
const { data: timelines } = await github.rest.issues.listEventsForTimeline({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
issue_number: ISSUE_NUMBER, | |
page, | |
per_page: 100, | |
}) | |
if (timelines.some(v => { | |
hasFoundComment = hasFoundComment || (v.event === 'commented' && `${v.id}` === `${COMMENT_ID}`) | |
return hasFoundComment && v.event === 'committed' | |
})) { | |
throw new Error('The last commit comes after the comment, please comment and package after last commit') | |
} | |
if (timelines.length === 0) { | |
return | |
} | |
page += 1 | |
} | |
- name: Setup Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node }} | |
cache: "yarn" | |
- name: Restore | |
uses: actions/cache@v4 | |
with: | |
path: | | |
node_modules | |
*/*/node_modules | |
key: 2022-12-21-${{ runner.os }}-${{ hashFiles('**/yarn.lock')}} | |
- name: Add msbuild to PATH | |
if: matrix.os == 'windows-2019' | |
uses: microsoft/setup-msbuild@v2 | |
env: | |
ACTIONS_ALLOW_UNSECURE_COMMANDS: "true" | |
- name: Setup Certificate | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "${{ secrets.SM_CLIENT_CERT_FILE_BASE64 }}" | base64 --decode > /d/Certificate_pkcs12.p12 | |
shell: bash | |
- name: Set variables | |
if: matrix.os == 'windows-2019' | |
run: | | |
echo "SM_KEYPAIR_NAME=${{ secrets.SM_KEYPAIR_ALIAS }}" >> "$GITHUB_ENV" | |
echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" | |
echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" | |
echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" | |
echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH | |
echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH | |
echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH | |
shell: bash | |
- name: Setting up the client tools | |
if: ${{ matrix.os == 'windows-2019' && env.SM_API_KEY != '' }} | |
run: | | |
curl -X GET https://one.digicert.com/signingmanager/api-ui/v1/releases/smtools-windows-x64.msi/download -H "x-api-key:%SM_API_KEY%" -o smtools-windows-x64.msi | |
msiexec /i smtools-windows-x64.msi /quiet /qn | |
C:\Windows\System32\certutil.exe -csp "DigiCert Signing Manager KSP" -key -user | |
shell: cmd | |
- name: Certificates Sync | |
if: ${{ matrix.os == 'windows-2019' && env.SM_API_KEY != '' }} | |
run: | | |
smctl windows certsync | |
shell: cmd | |
- name: Install libudev | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y libudev-dev | |
- name: Install Lerna | |
run: yarn global add lerna | |
- name: Bootstrap | |
run: | | |
yarn | |
env: | |
CI: false | |
- name: Write electron-build Test yml | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const fs = require('node:fs') | |
const ympPath = 'packages/neuron-wallet/electron-builder.yml' | |
fs.writeFileSync(ympPath, fs.readFileSync(ympPath).toString().replace('asar: true', 'asar: false')) | |
- name: Package for MacOS | |
if: ${{ matrix.os == 'macos-latest' && env.MAC_SHOULD_CODE_SIGN == 'true' }} | |
run: | | |
./scripts/download-ckb.sh mac | |
yarn package:test mac | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
APPLE_ID: ${{ secrets.APPLE_ID }} | |
APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }} | |
CSC_LINK: ${{ secrets.MAC_CERTIFICATE_BASE64 }} | |
CSC_KEY_PASSWORD: ${{ secrets.MAC_CERTIFICATE_PASSWORD }} | |
TEAM_ID: ${{ secrets.TEAM_ID }} | |
USE_HARD_LINKS: false | |
- name: Package for MacOS for skip code sign | |
if: ${{ matrix.os == 'macos-latest' && env.MAC_SHOULD_CODE_SIGN == 'false' }} | |
run: | | |
export CSC_IDENTITY_AUTO_DISCOVERY=false | |
./scripts/download-ckb.sh mac | |
yarn package:test mac | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SKIP_NOTARIZE: true | |
USE_HARD_LINKS: false | |
- name: Package for Windows | |
if: matrix.os == 'windows-2019' | |
run: | | |
bash ./scripts/download-ckb.sh win | |
yarn build | |
bash ./scripts/copy-ui-files.sh | |
bash ./scripts/package-for-test.sh win | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Package for Linux | |
if: matrix.os == 'ubuntu-20.04' | |
run: | | |
./scripts/download-ckb.sh | |
yarn package:test linux | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
USE_HARD_LINKS: false | |
- name: Upload Neuron App Zip | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Mac-x64 | |
path: release/Neuron-*-mac-x64.zip | |
- name: Upload Neuron App Zip(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Mac-arm64 | |
path: release/Neuron-*-mac-arm64.zip | |
- name: Upload Neuron Dmg | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Dmg-x64 | |
path: release/Neuron-*-x64.dmg | |
- name: Upload Neuron Dmg(arm64) | |
if: matrix.os == 'macos-latest' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Dmg-arm64 | |
path: release/Neuron-*-arm64.dmg | |
- name: Upload Neuron Win | |
if: matrix.os == 'windows-2019' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Win | |
path: release/Neuron-*-setup.exe | |
- name: Upload Neuron Linux | |
if: matrix.os == 'ubuntu-20.04' | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Neuron-Linux | |
path: release/Neuron-*.AppImage | |
comment_when_package_success: | |
needs: [packaging] | |
name: Append links to the Pull Request | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
contents: write | |
steps: | |
- name: Comment by push event | |
if: ${{ github.event_name == 'push' }} | |
uses: peter-evans/commit-comment@v3 | |
with: | |
body: | | |
Packaging for test is done in [${{ github.run_id }}](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}) | |
- name: Comment by pull request comment event | |
if: ${{ github.event_name == 'issue_comment' }} | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
comment-id: ${{ github.event.comment.id }} | |
body: | | |
Packaging for test is done in [${{ github.run_id }}](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). @${{ github.event.comment.user.login }} | |
edit-mode: append | |
comment_when_package_failed: | |
needs: [packaging] | |
if: ${{ always() && needs.packaging.result == 'failure' }} | |
name: Append failed comment to the comment | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: write | |
steps: | |
- name: Comment by pull request comment event when package failed | |
if: ${{ github.event_name == 'issue_comment' }} | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
comment-id: ${{ github.event.comment.id }} | |
body: Packageing failed in [${{ github.run_id }}](https://github.com/${{github.repository}}/actions/runs/${{github.run_id}}). @${{ github.event.comment.user.login }} | |
edit-mode: append |